Menu
Amazon Relational Database Service
API Reference (API Version 2014-10-31)

RevokeDBSecurityGroupIngress

Revokes ingress from a DBSecurityGroup for previously authorized IP ranges or EC2 or VPC Security Groups. Required parameters for this API are one of CIDRIP, EC2SecurityGroupId for VPC, or (EC2SecurityGroupOwnerId and either EC2SecurityGroupName or EC2SecurityGroupId).

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

CIDRIP

The IP range to revoke access from. Must be a valid CIDR range. If CIDRIP is specified, EC2SecurityGroupName, EC2SecurityGroupId and EC2SecurityGroupOwnerId cannot be provided.

Type: String

Required: No

DBSecurityGroupName

The name of the DB security group to revoke ingress from.

Type: String

Required: Yes

EC2SecurityGroupId

The id of the EC2 security group to revoke access from. For VPC DB security groups, EC2SecurityGroupId must be provided. Otherwise, EC2SecurityGroupOwnerId and either EC2SecurityGroupName or EC2SecurityGroupId must be provided.

Type: String

Required: No

EC2SecurityGroupName

The name of the EC2 security group to revoke access from. For VPC DB security groups, EC2SecurityGroupId must be provided. Otherwise, EC2SecurityGroupOwnerId and either EC2SecurityGroupName or EC2SecurityGroupId must be provided.

Type: String

Required: No

EC2SecurityGroupOwnerId

The AWS Account Number of the owner of the EC2 security group specified in the EC2SecurityGroupName parameter. The AWS Access Key ID is not an acceptable value. For VPC DB security groups, EC2SecurityGroupId must be provided. Otherwise, EC2SecurityGroupOwnerId and either EC2SecurityGroupName or EC2SecurityGroupId must be provided.

Type: String

Required: No

Response Elements

The following element is returned by the service.

DBSecurityGroup

Contains the result of a successful invocation of the following actions:

This data type is used as a response element in the DescribeDBSecurityGroups action.

Type: DBSecurityGroup object

Errors

For information about the errors that are common to all actions, see Common Errors.

AuthorizationNotFound

Specified CIDRIP or EC2 security group is not authorized for the specified DB security group.

RDS may not also be authorized via IAM to perform necessary actions on your behalf.

HTTP Status Code: 404

DBSecurityGroupNotFound

DBSecurityGroupName does not refer to an existing DB security group.

HTTP Status Code: 404

InvalidDBSecurityGroupState

The state of the DB security group does not allow deletion.

HTTP Status Code: 400

Example

Sample Request


https://rds.us-east-1.amazonaws.com/
   ?Action=RevokeDBSecurityGroupIngress 
   &CIDRIP=192.0.0.1%2F32
   &DBSecurityGroupName=mydbsecuritygroup01
   &SignatureMethod=HmacSHA256
   &SignatureVersion=4
   &Version=2014-09-01
   &X-Amz-Algorithm=AWS4-HMAC-SHA256
   &X-Amz-Credential=AKIADQKE4SARGYLE/20140428/us-east-1/rds/aws4_request
   &X-Amz-Date=20140428T233956Z
   &X-Amz-SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date
   &X-Amz-Signature=d9edabccacae36138704fb2b3cf6755ef08123862191b19d74582497b75e544a

Sample Response


<RevokeDBSecurityGroupIngressResponse xmlns="http://rds.amazonaws.com/doc/2014-09-01/">
  <RevokeDBSecurityGroupIngressResult>
    <DBSecurityGroup>
      <EC2SecurityGroups/>
      <DBSecurityGroupDescription>My new DBSecurityGroup</DBSecurityGroupDescription>
      <IPRanges>
        <IPRange>
          <CIDRIP>192.0.0.1/32</CIDRIP>
          <Status>revoking</Status>
        </IPRange>
      </IPRanges>
      <OwnerId>803#########</OwnerId>
      <DBSecurityGroupName>mydbsecuritygroup01</DBSecurityGroupName>
    </DBSecurityGroup>
  </RevokeDBSecurityGroupIngressResult>
  <ResponseMetadata>
    <RequestId>579d8ba0-be2d-11d3-ae4f-eec568ed6b36</RequestId>
  </ResponseMetadata>
</RevokeDBSecurityGroupIngressResponse>

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: